Cisco Cisco Wireless LAN Controller Module Technical Manual
Cisco 4400 Series Wireless LAN Controllers
PEAP Under Unified Wireless Networks with Microsoft Internet Authentication
Service (IAS)
Service (IAS)
Feedback: Help us help
you
you
Please rate this document.
This document solved my
problem.
problem.
Suggestions to improve this
document.
document.
(512 character limit)
If you have provided a
suggestion, please enter
your full name and e-mail
address. This information is
optional and allows us to
contact you if necessary.
suggestion, please enter
your full name and e-mail
address. This information is
optional and allows us to
contact you if necessary.
Excellent
Good
Average
Fair
Poor
Yes
No
Just Browsing
Name:
E-mail:
Submit
Introduction
This document provides a configuration example for setting up Protected Extensible Authentication Protocol
(PEAP) with Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 2 authentication in a
Cisco Unified Wireless network with the Microsoft Internet Authentication Service (IAS) as the RADIUS server.
(PEAP) with Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 2 authentication in a
Cisco Unified Wireless network with the Microsoft Internet Authentication Service (IAS) as the RADIUS server.
Prerequisites
Requirements
There is an assumption that the reader has knowledge of basic Windows 2003 installation and Cisco controller
installation since this document only covers the specific configurations to facilitate the tests.
installation since this document only covers the specific configurations to facilitate the tests.
Note: This document is intended to give the readers an example on the configuration required on MS server for
PEAP – MS CHAP Authentication. The Microsoft server configuration presented in this section has been tested
in the lab and found to be working as expected. If you have trouble configuring the Microsoft server, contact
Microsoft for help. Cisco TAC does not support Microsoft Windows server configuration.
PEAP – MS CHAP Authentication. The Microsoft server configuration presented in this section has been tested
in the lab and found to be working as expected. If you have trouble configuring the Microsoft server, contact
Microsoft for help. Cisco TAC does not support Microsoft Windows server configuration.
For initial installation and configuration information for the Cisco 4400 Series Controllers, refer to the
Quick Start
Guide: Cisco 4400 Series Wireless LAN Controllers
.
Microsoft Windows 2003 installation and configuration guides can be found at
Installing Windows Server 2003
R2
.
Before you begin, install the Microsoft Windows Server 2003 with SP1 operating system on each of the servers
in the test lab and update all Service Packs. Install the controllers and lightweight access points (LAPs) and
ensure that the latest software updates are configured.
in the test lab and update all Service Packs. Install the controllers and lightweight access points (LAPs) and
ensure that the latest software updates are configured.
Components Used
The information in this document is based on these software and hardware versions:
Cisco 4400 Series Controller that runs firmware Version 4.0
Cisco 1131 Lightweight Access Point Protocol (LWAPP) AP
Windows 2003 Enterprise server (SP1) with Internet Authentication Service (IAS), Certificate Authority
(CA), DHCP, and Domain Name System (DNS) services installed
(CA), DHCP, and Domain Name System (DNS) services installed
Windows XP Professional with SP 2 (and updated Service Packs) and Cisco Aironet 802.11a/b/g
Wireless network interface card (NIC)
Wireless network interface card (NIC)
Aironet Desktop Utility Version 4.0
Cisco 3560 Switch
The information in this document was created from the devices in a specific lab environment. All of the devices
used in this document started with a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
used in this document started with a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Document ID: 100397
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
PEAP Overview
Configure
Network Diagram
Configurations
Configure the Microsoft Windows 2003 Server
Configure the Microsoft Windows 2003 Server
Install and Configure DHCP Services on the Microsoft Windows 2003 Server
Install and Configure the Microsoft Windows 2003 Server as a Certificate Authority (CA) Server
Connect Clients to the Domain
Install the Internet Authentication Service on the Microsoft Windows 2003 Server and Request a
Certificate
Configure the Internet Authentication Service for PEAP-MS-CHAP v2 Authentication
Add Users to the Active Directory
Allow Wireless Access to Users
Configure the Wireless LAN Controller and Lightweight APs
Configure the WLC for RADIUS Authentication through MS IAS RADIUS Server
Configure a WLAN for the Clients
Configure the Wireless Clients
Configure the Wireless Clients for PEAP-MS CHAPv2 Authentication
Verify and Troubleshoot
Cisco Support Community - Featured Conversations
Related Information
HOME
SUPPORT
PRODUCT SUPPORT
WIRELESS
CISCO 4400 SERIES
WIRELESS LAN
CONTROLLERS
WIRELESS LAN
CONTROLLERS
CONFIGURE
CONFIGURATION EXAMPLES
AND TECHNOTES
AND TECHNOTES
PEAP Under Unified
Wireless Networks with
Microsoft Internet
Authentication Service
(IAS)
Wireless Networks with
Microsoft Internet
Authentication Service
(IAS)